Thread: retadpul000272 and more!

  1. #1
    Junior Member
    Join Date: May 2007
    Posts: 2

    I've been having some problems with popups and random errors as of today. My computer has started to run very slow. Opening My Computer or even just any folder takes about 5 minutes or so. I've tried using Adaware SE and Spybot, but the malicious programs keep appearing, even after I delete them. I ran this internet scan, but I couldn't find the resulting log so I copied this. Thanks if you can help.


    Internet Scan
    Scan Results: 44728 files scanned. 11 viruses were detected.

    File Infection Status Path
    A0094567.CPY Win32/Chisyne!generic infected C:\_RESTORE\TEMP\
    A0092410.CPY Win32/Chisyne!generic infected C:\_RESTORE\TEMP\
    A0092414.CPY Win32/Chisyne!generic infected C:\_RESTORE\TEMP\
    A0093415.CPY Win32/Harnig!generic infected C:\_RESTORE\TEMP\
    A0093429.CPY Win32/Clspring!generic infected C:\_RESTORE\TEMP\
    A0093484.CPY Win32/Chisyne!generic infected C:\_RESTORE\TEMP\
    mljiifg.dll Win32/Chisyne!generic infected C:\WINDOWS\SYSTEM\
    ljjjiig.dll Win32/Chisyne!generic infected C:\WINDOWS\SYSTEM\
    fcccawt.dll Win32/Chisyne!generic infected C:\WINDOWS\SYSTEM\
    rqrqnop.dll Win32/Chisyne!generic infected C:\WINDOWS\SYSTEM\
    mstB3.TMP Win32/Aflac.D infected C:\WINDOWS\TEMP\


    HJT
    Logfile of HijackThis v1.99.1
    Scan saved at 7:24:03 PM, on 5/10/2007
    Platform: Windows ME (Win9x 4.90.3000)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\WINDOWS\SYSTEM\DEVLDR16.EXE
    C:\PROGRAM FILES\HEWLETT-PACKARD\HP OFFICEJET T SERIES 9X\BIN\HPOVDX05.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\HPOHID05.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAM FILES\CREATIVE\SBLIVE\AUDIOHQ\AHQTB.EXE
    C:\WINDOWS\SYSTEM\PSTORES.EXE
    C:\PROGRAM FILES\HEWLETT-PACKARD\HP OFFICEJET T SERIES 9X\BIN\HPOSTR05.EXE
    C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
    C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

    F1 - win.ini: run=hpfsched
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
    O2 - BHO: GetRight IE Download Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
    O2 - BHO: (no name) - {40E1AE37-6284-3E50-A34C-6BE33EE7F89D} - C:\WINDOWS\SYSTEM\AMPGH.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [Speed racer] C:\Program Files\Creative\PlayCenter\CTSRReg.exe
    O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
    O4 - HKLM\..\Run: [CreativeMixer] C:\Program Files\Creative\Sharedll\AHQ\CTMIX32.EXE /t
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [Dead Soft Slow Thunk] C:\WINDOWS\All Users\Application Data\closebenddeadsoft\pop heart.exe
    O4 - HKLM\..\Run: [winskf32] rundll32 winskf32.dll,run
    O4 - HKLM\..\Run: [SManager] smanager.7.exe
    O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu1000272.exe 61A847B5BBF72813329B385475FB01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
    O4 - HKLM\..\Run: [devldr16.exe] C:\WINDOWS\SYSTEM\devldr16.exe
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
    O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
    O4 - HKLM\..\RunServices: [Boot] C:\PROGRAM FILES\SCIONS OF FATE\CLIENT\XTRAP\XTrap.xt
    O4 - HKCU\..\Run: [creative audio] C:\WINDOWS\APPLIC~1\AXISST~1\support help amen.exe
    O4 - HKCU\..\Run: [Shos] "C:\My Documents\eaia\wuauclt.exe" -vt yazb
    O4 - HKCU\..\RunServices: [creative audio] C:\WINDOWS\APPLIC~1\AXISST~1\support help amen.exe
    O4 - HKCU\..\RunServices: [Shos] "C:\My Documents\eaia\wuauclt.exe" -vt yazb
    O4 - Startup: HP OfficeJet T Series Startup.lnk = C:\Program Files\Hewlett-Packard\HP OfficeJet T Series 9x\Bin\HPOstr05.exe
    O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
    O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

  2. #2
    Member of Team Spybot tashi
    Join Date: Oct 2005
    Location: USA
    Posts: 30,965

    Hello.

    Sorry for the wait; however, I see your HJT shows:

    Platform: Windows ME (Win9x 4.90.3000)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Win ME is an unsupported Operating System and therefore it cannot be updated or patched.

    In my opinion, Helpers would be hesitant to spend their volunteer time on such, knowing that the machine will be reinfected as soon as it is cleaned up.

    End of support for Windows 98 and Windows Me
    http://forums.spybot.info/showpost.p...01&postcount=3

    June 30, 2006 will bring a close to Extended Support for Windows 98, Windows 98 Second Edition, and Windows Me as part of the Microsoft Lifecycle Policy. Microsoft will retire public and technical support, including security updates, by this date.
    Existing support documents and content, however, will continue to be available through the Microsoft Support Product Solution Center Web site. This Web site will continue to host a wealth of previous How-to, Troubleshooting, and Configuration content for anyone who may need self-service.

    Microsoft is retiring support for these products because they are outdated and can expose customers to security risks. We recommend that customers who are still running Windows 98 or Windows Me upgrade to a newer, more secure Microsoft operating system, such as Windows XP, as soon as possible.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

  3. #3
    Junior Member
    Join Date: May 2007
    Posts: 2

    Oh okay, thank you then. I guess the best thing for me to do now is reformat it.

  4. #4
    Member of Team Spybot tashi
    Join Date: Oct 2005
    Location: USA
    Posts: 30,965

    Thank you for letting us know.

    This topic has been archived.

    If you need it re-opened, please send me a private message (pm) and provide a link to the thread.

    Applies only to the original poster; anyone else with similar problems, please start a new topic.